Re: To trust or not to trust???
- From: "Austin Osuide" <austin@xxxxxxxxxxx>
- Date: Wed, 21 Nov 2007 19:32:01 -0000
Hi Jmos,
The underlying issue is one of trust. Not AD trusts mind :-)
Do you trust the way the partner forest is managed? Looks like, from what I'm reading, they don't exactly trust you and want to delegate an OU in their forest for you to manage your resources in.
I would have thought, if you had WS03 domains, that a forest trust would have been easier to setup/manage than a migration of your resources into an OU in their forest.
Also, if you do do the migration to an OU in the partner forest, why should the migrated Admins be domain Admins? No need really. They can have delegated responsibilities at the OU level.
There are no hard and fast technical reasons that determine which way you should go wrt their forest or yours.
The political decision IMHO should be sorted out then the technical solution will follow.
Regards,
Austin
"jmos" <jmos@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:EE504811-A103-43AA-8823-0D617B20D982@xxxxxxxxxxxxxxxx
We currently have two companies which need to merge but a difference of
opinion and I could do with another view.
As a standard practice I want to setup a trust between both forests so that
resources can be easily accessed from each other domain without too much
issue. This buys the IT depts from both sites time to align AD's over a 9
month period.
However, their IT dept don't want to do that as 'it's too much work' and
'more complicated'. Thus their suggestion is that they send us a DC
configured in their domain and we migrate our AD into a subset OU of theirs.
Obviously block inheritance would be a must and both sets of Admins would
have to have access at Domain Level.
I'm not convinvced and want a more stable and stage approach to the merger
of the two entities.
Can anyone offer andy help or advice on this issue?
Many Thanks
JMOS
.
- Follow-Ups:
- Re: To trust or not to trust???
- From: jmos
- Re: To trust or not to trust???
- Prev by Date: RE: AD Trusts and Firewall
- Next by Date: Re: Cannot find domain controller
- Previous by thread: Duplicate SPN - but unsure how to fix!
- Next by thread: Re: To trust or not to trust???
- Index(es):
Relevant Pages
|
